My office implemented both Meltdown and Spectre patches over the weekend…

In recent weeks, both the Meltdown and Spectre processor vulnerabilities have been making a great deal of news. My office – a financial firm and a Windows shop running Windows 7 (like most of the business world) – implemented Windows-based patches this past weekend. The results, especially on some of our older hardware, haven’t been very good. Thankfully, those machines are non-critical, non-business systems, such as those used to display presentations in a conference room during a meeting. Unfortunately, the performance on those machines is atrocious. They are nearly unusable.

To understand what’s going on with those machines and why they now suck beyond all relief, we have to understand what the vulnerabilities are and what’s needed to patch both of them.

Meltdown affects both x86 and ARM based microprocessors and allows rogue processes to read all memory, even if unauthorized to do so. Meltdown affects nearly ALL processors used today. Resolution of this vulnerability will require a hardware revision, or effectively a new processor. For most computers – laptops especially – this isn’t likely to happen. Replacing a laptop’s microprocessor is expensive, and is likely not possible, as it would also require new system boards and supporting chipsets.

The only way to resolve this vulnerability is to come up with some level of operating system patch. Most of the operating systems used today have been, or are in the process of being, patched, including iOS, Linux, macOS and Windows.

Unfortunately, Meltdown patches are likely to cause performance issues, especially in older machines. The vulnerability makes all memory, including cache memory, accessible. The patch works by constantly flushing the cache, making the computer work harder to put information back into it, where it can be read quickly. Unfortunately, since the cache is constantly being flushed, the computer is often forced to read it back into memory from the hard drive, slowing things down. In some cases, this happens far too often, forcing your computer’s hardware to fight against its operating system, putting it into a constant read loop. By the time the drive has read ahead enough information, it’s likely had the cache flushed, requiring it to start over again.

Spectre is a vulnerability that affects modern processors that perform branch prediction, a way to predetermine possible execution outcomes that speeds up computations and actions. When the computer doesn’t predict where “you’re going” correctly, it may leave observable side effects that can reveal private data to hackers. For example, if the pattern of memory accesses performed by such speculative execution depends on private data, the resulting state of the data cache constitutes a side channel through which an attacker may be able to extract information about the private data using a timing attack.

There are two Common Vulnerabilities and Exposures (CVE) IDs related to Spectre, one for bounds check bypass and one for branch target injection. JIT engines used for JavaScript were found vulnerable. A website can read data stored in the browser for another website, or the browser’s memory itself.

Unfortunately, Spectre patches are also known to cause performance issues; and they have been reported to significantly slow down a PC’s performance, especially, again, on older computers. On newer, 8th generation Intel processors, performance has been known to take a 2% to 14% hit.

With both of these patches on your machine, your current computing experience is likely totally hosed, no matter what generation processor you have or how much computing power you possess.

For example, if you do anything with any kind of video, you’re going to have an especially hard time. Patches for both of these vulnerabilities are likely to result in a performance hit of anywhere from 10% to as much as 50%. As a result, graphic and video renders can take up to twice as long to complete, if they don’t just crash your machine.

However, it isn’t all gloom and doom. There does appear to be some light at the end of the tunnel. Fixes for Spectre aren’t easy to implement. The problem is likely going to be around for quite some time. However, while a great deal of the vulnerabilities are executed through JavaScript, and therefore while you’re surfing the web, browsers such as Chrome and Firefox are implementing other processes on top of the OS level patches you likely already have. You could also completely eliminate browser based exploits for both Meltdown and Spectre by disabling JavaScript altogether.

It has also been suggested that the cost of mitigation can be alleviated by processors which feature selective translation lookaside buffer (TLB) flushing, a feature which is called process-context identifier (PCID) under Intel 64 architecture; and under Alpha, an address space number (ASN). This is because selective flushing enables the TLB behavior crucial to the exploit to be isolated across processes, without constantly flushing the entire TLB – the primary reason for the cost of mitigation.
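A practical check that follows from this, as an added example that is not part of the original post: read the CPUID feature bits to see whether a processor advertises PCID. The INVPCID bit, the enum and the function names are additions for illustration; the code reports "unavailable" on non-x86 builds.

```c
#include <stdint.h>
#include <stdio.h>
#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

#define CPUID1_ECX_PCID    (1u << 17)   /* CPUID.01H:ECX bit 17 */
#define CPUID7_EBX_INVPCID (1u << 10)   /* CPUID.(EAX=07H,ECX=0):EBX bit 10 */

enum tlb_support { TLB_FULL_FLUSH = 0, TLB_PCID = 1, TLB_PCID_INVPCID = 2 };

/* Classify from raw register values so the logic is testable offline. */
enum tlb_support classify_tlb_support(uint32_t leaf1_ecx, uint32_t leaf7_ebx)
{
    if (!(leaf1_ecx & CPUID1_ECX_PCID))
        return TLB_FULL_FLUSH;          /* no selective flushing available */
    return (leaf7_ebx & CPUID7_EBX_INVPCID) ? TLB_PCID_INVPCID : TLB_PCID;
}

/* Returns 0 on success, -1 when CPUID cannot be queried (e.g. non-x86). */
int read_cpuid_features(uint32_t *leaf1_ecx, uint32_t *leaf7_ebx)
{
    *leaf1_ecx = 0;
    *leaf7_ebx = 0;
#if defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d))
        return -1;
    *leaf1_ecx = c;
    if (__get_cpuid_count(7, 0, &a, &b, &c, &d))
        *leaf7_ebx = b;
    return 0;
#else
    return -1;
#endif
}

int main(void)
{
    static const char *names[] = { "no PCID (full TLB flush on switch)",
                                   "PCID", "PCID + INVPCID" };
    uint32_t ecx, ebx;
    if (read_cpuid_features(&ecx, &ebx) != 0) {
        puts("CPUID unavailable on this build target");
        return 1;
    }
    printf("TLB tagging support: %s\n", names[classify_tlb_support(ecx, ebx)]);
    return 0;
}
```

CPUID reports what the processor (or a hypervisor in front of it) exposes; whether the installed operating system actually uses PCID for its Meltdown mitigation is a separate question.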

Personally, I haven’t seen much of a slowdown on my Late 2013 MacBook Pro. Thankfully, I seem to be falling somewhere in the 2% to 14% performance hit. How things go from here, however, will help me decide if I stay with this Mac or wait until Apple releases a new Mac with a new processor that doesn’t fall victim to this nasty issue.

What happened to you and your computer? Do you have an older machine? Have you installed the patches? Are you experiencing a performance hit that you’d like to reveal or discuss with someone?

If so, give me a shout and let me know where you stand. You can find me in the Discussion area below or you can send me an email.

I create training materials all the time. Part of what I do for my day job occasionally requires me to train end users in some kind of computer based process or procedure. It doesn’t happen all that often, but when it does, I’m glad I have tools like Camtasia Studio. It’s a screencast tool for Windows.

Creating a great screencast happens in three simple steps: Record, Edit and Share.

Camtasia Studio’s flexible recording options allow you to capture a full screen or a window or region. You can add in music tracks, a spoken, vocal track, or your computer’s audio. You can also include picture-in-picture video with your web camera. If you’re using PowerPoint to give a presentation that you want to record for use by invitees who couldn’t attend the initial presentation, Camtasia’s toolbar inside PowerPoint makes it easy to record your presentations, either live or from your desk. TechSmith’s exclusive SmartFocus technology keeps track of where the action happens on your computer screen during your recording. It then produces a video that zooms in on the parts you need to show.

Once you have your content recorded, Camtasia Studio allows you to spruce it up. You can easily create callouts by adding a graphic over your video to direct the attention of your viewers. You can also link to an external webpage or jump to a part of the video. If you’re stuck for the right graphic to use, Camtasia Studio comes stocked with professionally-designed assets you can drag-and-drop into your video. You can also store your callouts, title slides, and other assets for re-use and sharing later.

After you have your screencast created, the final step is sharing it with your audience. You can share to YouTube and Screencast.com, TechSmith’s video hosting service. You can also produce videos in a variety of formats, including MP4, FLV/SWF, M4V, AVI, WMV, MOV, RM, Animated GIF and MP3 (for audio only).

Moo0 WindowMenuPlus is a free tool that lets you have extra useful menus in every system window menu. All you have to do is to install this tool and right-click on any window’s title bar or taskbar button (works only for Vista and XP). Extra menus such as “Keep on Top”, “Transparency Adjustment”, “Process Priority Adjustment”, “Various Information about the Program” will appear in every system window menu.

Not only can you have additional useful menus for each installed application on your system, but you can also configure which menus should appear. With WindowMenuPlus you can also kill processes or set new process priorities, keep any application’s window on top or set its transparency, and even acquire additional program information that might be useful to diagnose it. You can also set WindowMenuPlus to open the program’s folder with a single click.

In Windows 7, Aero Snap allows the user to automatically resize any window to half the desktop’s space by dragging it to the left or right edge of the screen. This feature has been extended by WindowMenuPlus through additional resize or maximize operations.

Being a free tool, WindowMenuPlus is not very polished, and some basic functions are missing. For instance, the program does not work with applications that don’t use the standard window menu bar, and it loses all of its settings when it is closed.